Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities
CSSLP 2019
| Intermediate
- 20 videos | 1h 21m 20s
- Includes Assessment
- Earns a Badge
Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between CWE and Common Vulnerabilities and Exposure (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reuse code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
WHAT YOU WILL LEARN
-
discover the key concepts covered in this course
locate and list the OWASP "Top 10"
locate and list the CWE list of software weaknesses
describe characteristics of injection attacks
recognize input validation failures such as buffer overflow, canonical, missing defense functions, and general programming failures
differentiate between common weakness enumerations and common vulnerabilities and exposure
describe side channels
describe social engineering attacks such as phishing
identify source code and versioning best practices
identify build environment best practices such as anti-tampering techniques and compiler switches -
recognize characteristics of peer-based code reviews
distinguish between static and dynamic code analysis
list the steps for code signing
analyze reused code for security vulnerabilities
differentiate between static and dynamic analysis
search for and identify malicious code
securely reuse third party code or libraries
recognize how to securely integrate components such as systems of systems integration
debug security errors
summarize the key concepts covered in this course
IN THIS COURSE
-
2m 24s
-
7m 1s
-
3. CWE3m
-
4. Injection Attacks9m 6s
-
5. Input Validation Failures7m 16s
-
6. Common Enumerations4m 32s
-
7. Side Channels2m 9s
-
8. Social Engineering Attacks5m 24s
-
9. Source Code and Versioning4m 34s
-
10. Build Environment Best Practices3m 32s
-
11. Peer-based and Manual Code Review3m 59s
-
12. Code Analysis2m 39s
-
13. Anti-tampering Techniques5m 1s
-
14. Code Reuse2m 19s
-
15. Static vs. Dynamic Analysis5m 26s
-
16. Malicious Code2m 27s
-
17. Third Party Code1m 55s
-
18. Integrating Components1m 57s
-
19. Security Errors4m 56s
-
20. Course Summary1m 42s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.YOU MIGHT ALSO LIKE
PEOPLE WHO VIEWED THIS ALSO VIEWED THESE
Likes 151
